Computer Engineering and Applications, 2010, Vol. 46, Issue (9): 107-110. DOI: 10.3778/j.issn.1002-8331.2010.09.031

• Network, Communication, Security •

Application system-oriented mandatory access control model

XU Lu, ZHANG Hong-qi, DU Xue-hui, WANG Chao

  1. Institute of Electronic Technology, The PLA Information Engineering University, Zhengzhou 450004, China
  • Received: 2008-09-26 Revised: 2008-12-19 Online: 2010-03-21 Published: 2010-03-21
  • Contact: XU Lu

Abstract: The traditional BLP model is not suitable for application systems. To address this, an Application System-Oriented Mandatory Access Control (ASOMAC) model is proposed. The model extends BLP and combines roles with security labels to implement the principles of least privilege and separation of duty, which makes mandatory access control more flexible and fits it to the characteristics and requirements of application systems. The model is formally defined and an axiom system is given. Finally, a mandatory access control system based on the model is designed and analyzed.

Key words: mandatory access control, application system, security label, role
